
Threat Modeling for Cloud and NFV Infrastructures



Alhebaishi, Nawaf (2020) Threat Modeling for Cloud and NFV Infrastructures. PhD thesis, Concordia University.

Text (application/pdf)
Alhebaishi_PhD_S2021.pdf - Accepted Version
Available under License Spectrum Terms of Access.


Today’s businesses are increasingly relying on the cloud as an alternative IT solution due to its flexibility and lower cost. Compared to traditional enterprise networks, a cloud infrastructure is typically much larger and more complex. Understanding the potential security threats in such infrastructures is naturally more challenging than in traditional networks. This is evidenced by the fact that there are limited efforts on threat modeling for cloud infrastructures. My doctoral research will tackle several issues related to this.

In the first topic, we have conducted comprehensive threat modeling exercises based on two representative cloud infrastructures using several popular threat modeling methods, including attack surface, attack trees, attack graphs, and security metrics based on attack trees and attack graphs, respectively. In addition, we show how hardening solutions can be applied based on the threat models and security metrics through extended exercises. Such results may not only benefit the cloud provider but also embed more confidence in cloud tenants by providing them a clearer picture of the potential threats and mitigation solutions.

In the second topic, we take the first step towards understanding and mitigating the insider threats of remote administrators in clouds. First, we model the maintenance task assignments and their corresponding security impact due to privilege escalation. Second, we mitigate such impact through optimizing the task assignments with respect to given constraints. Finally, the simulation results demonstrate the effectiveness of our solution in various scenarios.

In the third topic, we focus on modeling and mitigating security threats unique to network functions virtualization (NFV), which provides virtualization of network functions based on cloud infrastructures. First, we model both cross-layer and co-residency attacks on the NFV stack. Second, we mitigate such threats through optimizing the virtual machine (VM) placement with respect to given constraints. The simulation results demonstrate the effectiveness of our solution.

Divisions: Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type: Thesis (PhD)
Authors: Alhebaishi, Nawaf
Institution: Concordia University
Degree Name: Ph. D.
Program: Information and Systems Engineering
Date: 28 September 2020
Thesis Supervisor(s): Wang, Lingyu
Keywords: Threat Modeling, Cloud Infrastructures, Security Metric, NFV, Remote Administrator Maintenance Task, Cloud Threat Modeling, Insider Threat, NFV Threat Modeling
ID Code: 987571
Deposited On: 29 Jun 2021 20:49
Last Modified: 01 Nov 2022 00:00
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.
